Mountain West Farm Bureau Insurance
office workers empowered by business technology solutions
BLOG
3
2
2017
12.18.2020

Does Your Organization Need Cyberinsurance?

Last updated:
9.16.2020
12.18.2020
No items found.

In the past decade, alongside the increased importance of digital tools for business, a new category of insurance has sprung up to cover digital data breaches and liability. With the average total cost of data breaches reaching $4 million dollars and the average cost of each lost or stolen digital record increasing to $158, it is clear that experiencing a data breach is an expensive affair.

While dedicated security response teams and encryption do decrease these costs, and IPS/IDS systems and other security measures can help reduce the risk, many organizations will still experience a data breach at some point.

Cyberinsurance can help mitigate the cost of a data breach by reimbursing your company for legal fees, helping with the cost of crisis management and investigation, notification costs, extortion liability fees, and third party damages relating to network or system outages. But does every organization need cyberinsurance?

 

Cyberinsurance Basics: Going Beyond General Liability

Your business likely already has general liability insurance to cover injury, property damage, and some other risks from your everyday services, operations, and products. However it often specifically excludes damages from cybersecurity related causes. Cyberinsurance comes in a number of flavors and has a premium cost between $1000 and $50,000 depending on your coverage and risk level, much of which is tied to the size of your company and the nature of your business.

Cyberinsurance is an evolved form of Errors and Omissions, a form of insurance that you may already have. Dating back decades, E&O covers any claims generated from service errors, like the disruption of your digital services. This also covers service problems from more office-oriented industries like legal, medical, or engineering. Eventually some E&O policies included coverage for network outages, unauthorized system access, or viruses.

Depending on the type of cyberinsurance you choose, it will cover:

Is Cyberinsurance a Good Idea For Your Organization?

Any business that performs a significant portion of its operations digitally should take a hard look at cyberinsurance. If you store or handle personal identifying information (PII) or personal health information (PHI) on a computer system, even if that system is operated by a third party service provider, cyberinsurance might be wise. This includes customer names, addresses, credit card processing, and so forth.

Talk to your broker about what your current general liability and/or E&O coverage might cover in the case of a digital incident. Consider how much information you might be processing or storing regularly. If you are a smaller organization, the additional cost may not be worth it compared to the risks — but consider that 43% or more of cyber attacks target small businesses.

 

How to Start Shopping for Cyberinsurance

Take a hard look at your existing cybersecurity measures before approaching a broker. What can you implement to minimize your risks and in turn minimize your deductible and premium? Do you have hardened and up-to-date software and hardware? Do you monitor your systems? Have you added IPS/IDS? Are your employees trained about security best practices, including avoiding phishing and social engineering? Have you had a threat assessment performed?

Talk to multiple insurance providers. Some of them may want to perform audits of their own on your IT systems. If one doesn’t have the coverage you think you need, move on. Compare deductibles and premiums, naturally, but also be aware of sublimits on fines, penalties, or other limits. These could include a maximum sublimit payout for regulatory fines; or that your network must be down for a minimum of 12 hours in order for coverage to kick in.

Ask about how making a claim — or not making one in a given year — might affect your premium. Inquire as to their guidance process around making smart security choices for your company. Some insurance providers may have special requirements like encryption, or may exclude internal breaches from employees. While more complicated to implement, a very detailed policy helps you avoid expensive liability.

 

Cyberinsurance is an evolving field, but it is becoming more essential to businesses of all sizes, especially as Software as a Service and other cloud-based services become commonplace. In the light of major breaches occurring every year, it may be wise to re-examine your business insurance to see if cyberinsurance coverage makes sense for you.

Recent Blog Posts

lunavi logo alternate white and yellow
7.21.2021
07
.
19
.
2021
How Lunavi Approaches Digital Transformation: HostingAdvice Company Profile

For prospective clients and partners, the history, ethos, and capabilities of a vendor are paramount. HostingAdvice.com recently profiled Lunavi to explore our approach.

Learn more
lunavi logo alternate white and yellow
5.20.2021
04
.
26
.
2021
Test Automation Best Practices: Balancing Confidence with Efficiency

Automation can instill confidence to release software and improve the team’s ability to create high-quality applications in the fastest and most efficient way possible. Essentially, it eliminates the need to compromise or choose one set of priorities over another. Instead, it allows teams to strike a balance between confidence/coverage and speed/efficiency. But automation isn’t a one-size-fits-all solution.

Learn more
lunavi logo alternate white and yellow
4.20.2021
04
.
20
.
2021
Building Your Cloud Foundation Part 1: Core Configuration & Governance

This first area of focus establishes your cloud policy, or the way your organization consumes and manages cloud resources. Learn how to establish proper scope and mitigate tangible risks through corporate policy and standards.

Learn more